Please note that there is now an updated version of this notice. Please see the following article.
IT security policy requires password changes every 180 days. In order to achieve this, passwords are set to expire approximately every 180 days. Warnings and reminders are sent in the period running up to password expiry times. This has been well established for staff and is being rolled out for students.
Some of you have been questioning whether or not genuine password change notices are phishing attacks. We are pleased that people are being alert to the possibility of malicious email attacks. However, we thought it would be useful to post an example of a genuine password change notification and highlight some of features that distinguish it from a phishing attack.
Thanks, this is a very useful example.